Main Line Health strengthens identity security to support patient-centric care
Since 1985, Main Line Health has served as a cornerstone of care for the Philadelphia region and beyond. As a non‑profit health system, it brings together five hospitals, seven health centers, and more than 150 practice locations. Its strength lies in a community of more than 14,000 employees and a network of over 2,100 physicians and providers dedicated to advancing health and well‑being.
Challenge
Main Line Health identified an opportunity to further mature its identity governance practices, particularly for access to its Epic EHR environment. Existing processes relied heavily on manual reviews and periodic certifications, which limited visibility into detailed access entitlements and created administrative friction during review cycles. Additionally, the increasing diversity of the workforce, including employees, nursing and medical students, and third-party partners, added complexity to access management and reinforced the need for a more standardized, role-based approach.
Solution
Main Line Health selected SailPoint Identity Security Cloud to enhance Epic EHR access governance and streamline the management of non-employees across 20,000 identities. SailPoint distinguished itself through its deep Epic integration, intuitive user experience, and scalable Non-Employee Risk Management (NERM) capabilities. By automating identity lifecycle processes and introducing more granular, role-based certifications, Main Line Health strengthened access governance while reducing manual effort. These improvements support a more consistent, auditable approach to identity security, allowing teams to focus on delivering high quality patient care while protecting sensitive information.
- Industry
- Healthcare
- Company size
- 14,000 employees
- Products
- Identity Security Cloud
- Non-Employee Risk Management
With SailPoint, we’ve evolved identity management from a highly manual process into a more automated and efficient system. This has improved operational workflows and helped our teams stay focused on delivering exceptional patient care.”
Richard Layne, Manager of Identity and Access Management, Main Line Health
Managing identity security in healthcare requires balancing timely access to critical systems with strong governance over sensitive data. For Main Line Health, this balance was made more complex by a diverse population of employees, contractors, vendors, and students, each with unique access needs across clinical and operational systems.
Recognizing the need to further standardize and scale identity governance, Richard Layne, Manager of Identity and Access Management, led an initiative to enhance visibility, consistency, and automation across access reviews and lifecycle management.
The identity security opportunity
Prior to SailPoint, access reviews for Epic were largely high-level and timebound. Managers were asked to validate access without always having detailed insight into underlying entitlements or whether access aligned with current job responsibilities. While effective for basic oversight, this approach left room for improvement in precision and efficiency.
Key challenges included:
- Legacy access persistence: Employees moving between roles or departments could retain access longer than necessary without a structured, role-based review framework.
- Limited review context: Managers had minimal visibility into detailed Epic templates, making certifications more difficult and time consuming.
- Resource intensive review cycles: Annual certifications placed a heavy administrative burden on clinical leaders, particularly nurse managers.
To address these areas and support ongoing audit readiness, Main Line Health prioritized a more modern, automated identity security model.
Why Main Line Health chose SailPoint
Following a structured evaluation, Main Line Health selected SailPoint for its ability to align identity governance with healthcare specific requirements, especially Epic EHR access and non‑employee identity management.
Three differentiators stood out:
- Epic governance: Template level Epic recertifications provided clearer insight into access and supported more informed decision‑making.
- Scalable non-employee management: SailPoint NERM enabled consistent onboarding and offboarding for students and third-party users, even as volumes grew significantly.
- Intuitive user experience: A streamlined interface reduced administrative overhead and simplified certification tasks for managers.
Main Line Health completed deployment in approximately six months, focusing on three key priorities:
1. Lifecycle automation: Working closely with HR and Compliance, the team automated joiner, mover, and leaver processes to improve consistency and reduce manual effort.
2. Non‑employee governance: NERM established a centralized source of truth for non-employees, including nursing students and EpicCare Link users.
3. Epic integration: Integration with Epic aligned user access, provider records, and training requirements, supporting accurate and timely access provisioning.
Boosting efficiency, security and compliance
The implementation of SailPoint has been transformative for Main Line Health. “With SailPoint, we’ve evolved identity management from a highly manual process into a more automated and efficient system. This has improved operational workflows and helped our teams stay focused on delivering exceptional patient care,” explained Richard.
With SailPoint, Main Line Health has unlocked new levels of efficiency, security, and compliance. The SailPoint implementation has delivered meaningful operational and governance benefits, including:
- Streamlined student onboarding: Automated workflows now provide students with timely, role appropriate access while maintaining strong governance controls.
- End-to-end Epic automation: Employee and clinical staff access provisioning is largely automated, improving accuracy and turnaround times for new hires and role changes.
- Improved lifecycle efficiency: Automated processes reduced onboarding and offboarding timelines by 75%, helping minimize access risk.
- Reduced manual reviews: Automation lowered manual Epic provisioning activity by 70% and saved 15–20 staff hours per certification campaign. As Richard explained, “For Epic recertification, SailPoint provides a level of structure and visibility that sets it apart. The collaboration and trust we’ve built with our compliance and internal audit partners has been a significant positive step forward.”
- Enhanced audit readiness: Standardized certifications and reporting support ongoing alignment with healthcare regulatory and security frameworks, including HIPAA and HITRUST.
Building on a strong foundation
With a modern identity governance foundation in place, Main Line Health continues to advance its security maturity. Planned integration with privileged access management will further protect privileged credentials and critical accounts, reinforcing a defense in‑depth approach.
For Main Line Health, identity governance is not simply a technical initiative; it is an enabler of secure, patient-centered care. By pairing automation with strong governance, the organization is strengthening trust, supporting clinicians, and preparing for the future of healthcare security.
